Esri

Portal For Arcgis

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-38040

  • EPSS 0.47%
  • Veröffentlicht 04.10.2024 18:15:07
  • Zuletzt bearbeitet 10.04.2025 19:16:00

There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.

5.4

CVE-2024-38039

  • EPSS 0.27%
  • Veröffentlicht 04.10.2024 18:15:07
  • Zuletzt bearbeitet 15.10.2024 14:34:00

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful ch...

6.1

CVE-2024-38038

  • EPSS 0.3%
  • Veröffentlicht 04.10.2024 18:15:07
  • Zuletzt bearbeitet 10.04.2025 20:15:19

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

6.1

CVE-2024-38037

  • EPSS 0.3%
  • Veröffentlicht 04.10.2024 18:15:07
  • Zuletzt bearbeitet 10.04.2025 19:16:00

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

4.8

CVE-2024-25702

  • EPSS 0.27%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when click...

4.8

CVE-2024-25694

  • EPSS 0.27%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration ...

4.8

CVE-2024-25701

  • EPSS 0.27%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Emb...

4.8

CVE-2024-25707

  • EPSS 0.33%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 15.10.2024 14:34:43

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScr...

5.4

CVE-2024-38036

  • EPSS 0.57%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 19:15:59

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victi...

6.1

CVE-2024-25691

  • EPSS 0.3%
  • Veröffentlicht 04.10.2024 18:15:05
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’...